Breaking the Monolith: best practices to containerize your app

Transcript

1. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. S U M M I T Breaking the Monolith Best Practices to run containers in the cloud M A P 0 0 4 Sébastien Stormacq | @sebsto Technical Evangelist, AWS EMEA Akos Veres | @puck Operability Engineer, Equal Experts

2. S U M M I T © 2019, Amazon Web

   Services, Inc. or its affiliates. All rights reserved.

3. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. The 12 factor application I. Codebase One codebase w/ revision control, many deploys II. Dependencies Explicitly declare and isolate dependencies III. Config Store config in the environment IV. Backing services Treat backing services as attached resources V. Build, release, run Strictly separate build and run stages VI. Processes Execute the app as one or more stateless processes VII. Port binding Export services via port binding VIII. Concurrency Scale out via the process model IX. Disposability Fast startup and graceful shutdown X. Dev/prod parity Keep environments as similar as possible XI. Logs Treat logs as event streams XII. Admin processes Run admin/management tasks as one-off processes

4. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. You know what’s great for a 12 factor app?

5. S U M M I T © 2019, Amazon Web

   Services, Inc. or its affiliates. All rights reserved.

6. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. RUNNING A SINGLE CONTAINER

7. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task RUNNING CONTAINERS

8. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3 Scheduling and Orchestration Cluster Manager Placement Engine

9. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. ECS AMI Docker agent ECS agent ECSTask ECSTask ECSTask ECSTask EC2 Instance

10. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance Scheduling and Orchestration Cluster Manager Placement Engine

11. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. “Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” X 10

12. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. One codebase tracked in revision control, many deploys

13. Deployed Version Code Version Control

14. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Staging / QA Production Dev #1 Dev #2

15. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Explicitly declare and isolate dependencies

16. Dependencies Binaries Code Application Bundle

17. Dependency Declaration: Node.js package.json npm install # - or -

    yarn install

18. Dependency Declaration: Python requirements.txt pip install

19. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Dependencies Dependencies Binaries Code

20. Dependency Declaration & Isolation: Docker Dockerfile docker build

21. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Store config in the environment

22. Development Configuration Production Configuration Development Production

23. Development Production Same container deployed to both environments. Configuration is

    part of the environment on the host.

24. At runtime the container gets config from the environment.

25. Application code pulls from the environment Environment is customized when

    docker runs a container

26. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. AWS Secrets Manager & Task Definitions "containerDefinitions": [ { "secrets": [ { "name": "environment_variable_name", "valueFrom": ”arn_of_your_secret" } ] } ]

27. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Treat backing services as attached resources

28. PostgreSQL app1 Host app2 3rd party service Treat local services

    just like remote third party ones

29. PostgreSQL app1 app2 Load balancer Use CNAMES for maximum flexibility

    and easy reconfiguration postgres.mycompany.com app2.mycompany.com

30. Easily create and maintain custom maps of your applications Before

    Version 2 After Version 2

31. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Strictly separate build and run stages

32. Build Dependencies Binaries Code

33. Release Config Release Build Artifact + = Tagged image stored

    in ECR

34. Amazon Elastic Container Service Config

35. Run Task Definition Release v1 Task Definition Release v2

36. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS appspec version: 1.0 Resources: - TargetService: Type: AWS::ECS::Service Properties: - TaskDefinition: "my_task_definition:8" LoadBalancerInfos: - ContainerName: "SampleApp" ContainerPort: 80 Hooks: - BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstallation" - AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation" - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift" - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift" - AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"

37. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment 100% Prod traffic

38. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment Target group 2 100% Prod traffic Test traffic listener (port 9000)

39. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment Green tasks: v2 code 100% Prod traffic Provision green tasks

40. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment 100% Test traffic 100% Prod traffic Run hook against test endpoint before green tasks receive prod traffic

41. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment 100% Prod traffic Flip traffic to green tasks, rollback in case of alarm 0% Prod traffic

42. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CodeDeploy-ECS blue-green deployment 100% Prod traffic Drain blue tasks

43. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments • Docker tags are resolved when each container starts, not just during deployments • Deploying “latest” or “prod” can result in untested code in production after a scale-out event • Use unique “immutable” tags for deployments

44. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments

45. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Build pushes new “latest” image Image: sha256@22222... (“latest”)

46. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Service scales up, launching new tasks Image: sha256@22222... (“latest”)

47. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Deploy using immutable tags { "name": "sample-app", "image": "amazon/amazon-ecs- sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d" } { "name": "sample-app", "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0" } SHA256 Digest Build ID

48. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Compute immutable tags during build SHA256 Digest export IMAGE_URI=`docker inspect --format='{{index .RepoDigests 0}}' my_image:$IMAGE_TAG Example Result: amazon/amazon-ecs-sample@sha256:3e39d933b... Build ID export IMAGE_TAG=build-`echo $CODEBUILD_BUILD_ID | awk –F":" ‘{print $2}'` Example Result: build-b2085490-359f-4eaf-8970-6d1e26c354f0

49. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments

50. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Build pushes new image tagged with new build ID Image: sha256@22222... (“build-22222”)

51. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Service scales up, launching new tasks Image: sha256@22222... (“build-22222”)

52. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Container image tagging for deployments Image: “build-22222” tag Deployment updates service’s task definition, replacing tasks Image: sha256@22222... (“build-22222”)

53. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. S U M M I T A journey to Infrastructure Automation Akos Veres | @puck Operability Engineer Equal Experts

54. Who we are Founded in 2007 to challenge the traditional

    consulting model, we are now 1000+ expert consultants delivering custom software and helping with digital transformation for our clients – globally. The information contained in this document is confidential and proprietary. Copyright © Equal Experts. All rights reserved.

55. Locations UK London, Manchester, Leeds Canada Calgary India Pune, Bengaluru

    Australia/NZ Sydney/Auckland Portugal Lisbon USA New York Germany Berlin South Africa Cape Town, Johannesburg The information contained in this document is confidential and proprietary. Copyright © Equal Experts. All rights reserved.

56. Current Implementation

57. Existing Setup - Non-prod only

58. Start somewhere - Semi-automatic update

59. Pros and Cons of Current Implementation Cons: • Manual Tasks

    • Manual Tests • Test Environment Only Pros: • Gaining confidence in tools and processes • Some level of automation • Starting somewhere

60. Future implementation

61. Build new Infrastructure Kubernetes Resources Test Promote

62. Automate everything

63. AWS Step Functions - Rotate AMI

64. Learnings

65. Learnings from the journey • Team sport • Start with

    anything • Development environment for infra • Be ready to change solution • ~2 days from 1.10 to 1.13 using “The Bash”™ script • Backup & Roll-back solution • Strategy > Tools

66. We all love stats

67. Simple solutions to big business problems. Cape Town +27 21

    680 5252 [email protected] Equal Experts SA (PTY) Ltd Unit A073 3rd Floor West Wing The Palms Woodstock Cape Town Contact - South Africa Simple solutions to big business problems.

68. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Execute the app as one or more stateless processes

69. Stateful container stores state in local disk or local memory.

    Workload ends up tied to a specific host that has state data. eu-west-1b Container 1 Disk eu-west-1c eu-west-1a

70. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Stateful data Use services: • Amazon RDS • Amazon DynamoDB • Amazon ElasticCache • Amazon ElasticSearch • Amazon S3 • ……

71. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Export services via port binding

72. Port 32456 Port 32457 Port 32458

73. Port 32768 Port 33487 Port 32192 Port 32794 Port 32781

    Match: /api/users* Match: /api/auth*

74. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Keep development, staging, and production as similar as possible

75. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Dev #1 Dev #2 Staging / QA Production

76. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Staging / QA Production Dev #1 Dev #2 Local Application Remote

77. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Model container environments with AWS Cloud Development Kit (CDK) Developer Preview • Open source framework to define cloud infrastructure in TypeScript, Java, C#, … • Provides library of higher-level resource types (“construct” classes) that have AWS best practices built in by default, packaged as npm modules • Provisions resources with CloudFormation • Supports all CloudFormation resource types AWS CDK https://awslabs.github.io/aws-cdk

78. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CDK template import ec2 = require('@aws-cdk/aws-ec2'); import ecs = require('@aws-cdk/aws-ecs'); import cdk = require('@aws-cdk/cdk'); class BonjourFargate extends cdk.Stack { constructor(parent: cdk.App, name: string, props?: cdk.StackProps) { super(parent, name, props); const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 }); const cluster = new ecs.Cluster(this, 'Cluster', { vpc }); new ecs.LoadBalancedFargateService( this, "FargateService", { cluster, image: ecs.DockerHub.image("amazon/amazon-ecs-sample"), }); } } const app = new cdk.App(); new BonjourFargate(app, 'Bonjour'); app.run();

79. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. import ec2 = require('@aws-cdk/aws-ec2'); import ecs = require('@aws-cdk/aws-ecs'); import cdk = require('@aws-cdk/cdk'); class BonjourFargate extends cdk.Stack { constructor(parent: cdk.App, name: string, props?: cdk.StackProps) { super(parent, name, props); const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 }); const cluster = new ecs.Cluster(this, 'Cluster', { vpc }); new ecs.LoadBalancedFargateService( this, "FargateService", { cluster, image: ecs.DockerHub.image("amazon/amazon-ecs-sample"), }); } } const app = new cdk.App(); new BonjourFargate(app, 'Bonjour'); app.run(); CDK template

80. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CDK template import ec2 = require('@aws-cdk/aws-ec2'); import ecs = require('@aws-cdk/aws-ecs'); import cdk = require('@aws-cdk/cdk'); class BonjourFargate extends cdk.Stack { constructor(parent: cdk.App, name: string, props?: cdk.StackProps) { super(parent, name, props); const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 }); const cluster = new ecs.Cluster(this, 'Cluster', { vpc }); new ecs.LoadBalancedFargateService( this, "FargateService", { cluster, image: ecs.DockerHub.image("amazon/amazon-ecs-sample"), }); } } const app = new cdk.App(); new BonjourFargate(app, 'Bonjour'); app.run();

81. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved. Treat logs as event streams

82. Docker connects container’s stdout to a log driver Containerized code

    writes to stdout

83. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CLOUDWATCH LOGS CONFIGURATION { "containerDefinitions": [ { "name":“scorekeep-api", ... "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "scorekeep", "awslogs-region": “us-east-1", "awslogs-stream-prefix": "scorekeep/api"}} } ]}

84. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. CLOUDWATCH LOGS Logs Tab in the Task Detail Page View logs in the ECS or Cloudwatch Console

85. Thank you! S U M M I T © 2019,

    Amazon Web Services, Inc. or its affiliates. All rights reserved. Sébastien Stormacq | @sebsto Technical Evangelist, AWS EMEA Akos Veres | @puck Operability Engineer, Equal Experts

86. S U M M I T © 2019, Amazon Web

    Services, Inc. or its affiliates. All rights reserved.